AWS SSM SSH Proxy Command

Information

Category: Linux / Miscellaneous
Watchers: 2
Star: 3
Fork: 0
Last update: Jun 10, 2020

Resource links

https://github.com/qoomon/aws-ssm-ec2-proxy-command

aws-ssm-ec2-proxy-command

Prerequisits

Local Setup
- Install AWS CLI
- Install AWS CLI Session Manager Plugin
Ensure Your IAM Permissions
- IAM Policy Example
- ssm:StartSession for DocumentName: AWS-StartSSHSession and Target Instance
  - AWS DOcumentation
- ssm:SendCommand for DocumentName: AWS-RunShellScript and Target Instance
  - AWS DOcumentation
Target Instance Setup
- Ensure SSM Permissions fo Target Instance Profile
- Ensure SSM Agent is installed (preinstalled on all AWS Linux AMIs already)
  - Install SSM Agent on Linux Instances
    - yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm & service amazon-ssm-agent restart
  - SSM Agent on Windows Instances

Install SSH Proxy Command

Move proxy command script aws-ssm-ec2-proxy-command.sh to ~/.ssh/aws-ssm-ec2-proxy-command.sh
Ensure it is executable (chmod +x ~/.ssh/aws-ssm-ec2-proxy-command.sh)

Setup SSH Config

Add ssh config entry for aws ec2 instances to your ~/.ssh/config. Adjust key file path if needed.

host i-* mi-*
  IdentityFile ~/.ssh/id_rsa
  ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p ~/.ssh/id_rsa.pub
  StrictHostKeyChecking no

Open SSH Connection

ssh <INSTACEC_USER>@<INSTANCE_ID>
Ensure AWS CLI environemnt variables are set properly
- e.g. AWS_PROFILE='default' ssh [email protected]
- If default region does not match instance region you need to provide it like this
- AWS_PROFILE='default' ssh <INSTACEC_USER>@<INSTANCE_ID>--<INSTANCE_REGION>

TODO

Add variant to send ssh key by ec2-instance-connect:SendSSHPublicKey

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html

0 Open More issues

Closed

A 'not a tty' file generated from the proxy command

For some reasons, a new empty not a tty file is created under my current directory after I've run ssh i-XXXXXXX via this proxy script.

I'm not sure what is causing this, and it's not from the echo ... >/dev/tty line 🤔

bug

opened Jun 6, 2020 by zmingxie 10

Closed

Powershell script does not work

When trying to ssh using the ps1 script, I received an error:

usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command> help
  aws <command> <subcommand> help

Unknown options: -p, &&, cd, ~ubuntu/.ssh, ||, exit, 1

And this is the error message from AWS run command:

sleep: invalid time interval ‘\r’

Try 'sleep --help' for more information.

mv: cannot stat '.authorized_keys': No such file or directory

failed to run commands: exit status 1

SSH config:

Host i-* mi-*
  IdentityFile ~/.ssh/id_rsa
  ProxyCommand powershell.exe ~/.ssh/aws-ssm-ec2-proxy-command.ps1 %h %r %p ~/.ssh/id_rsa.pub
  StrictHostKeyChecking no

bug

opened Feb 27, 2022 by asaf050 4

Closed

Windows support

Hi @qoomon, I made a Powershell version of your scripts, this allow Windows users to use your scripts without additional dependencies on their systems.

opened Dec 30, 2021 by DocLM 4

Closed

ssh handshake expose on mac

Not really sure whether the words are correct. But I found that if there's no sh -c wrap the session create command, it will expose the handshake process and cause error like: protocol mismatch

I have to use

sh -c "aws ssm start-session \
  --target "${ec2_instance_id}" \
  --document-name 'AWS-StartSSHSession' \
  --parameters "portNumber=${ssh_port}""

instead of

aws ssm start-session \
  --target "${ec2_instance_id}" \
  --document-name 'AWS-StartSSHSession' \
  --parameters "portNumber=${ssh_port}"

opened Sep 16, 2020 by lisbethw1130 4

Closed

Update aws-ssm-ec2-proxy-command.sh

I could not make the original script work with the simple command expansion $_ and worse it failed silently (and as I am admin I happened to have the root private key for all the instances on my ssh-add keychain so we could not figure out why devs could not access it but I could).

I changed it to this to a less elegant but working solution for ubuntu/centos/fedora etc but obviously there might need to be an alternative solution for distros that do not use /home/ for user directories.

opened Jul 21, 2021 by scholar6admin 3

Closed

Wrong ssh directory path

bug

opened Aug 7, 2020 by marinheiromc 3

v1.0.0(Oct 18, 2020)

Source code(tar.gz)
Source code(zip)

Export AWS SSM Parameter Store values in bulk to .env files

Pure Ruby implementation of an SSH (protocol 2) client

🐳 Dockerized SSH bastion to proxy SSH connections to arbitrary containers.

🌰 encrypt/decrypt using ssh keys

SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.

Different agents and different keys for different projects, with ssh.

An experimental Tor-Proxy serivce written in Go using Go-proxy and Go-libtor.

Network I/O interface for AWS Lambda Go runtime.

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

AWS Tags As A Database (AWS TaaDb)🚀 is a Python 🐍 library using AWS Tags as a Key-Value database. This database is completely free* 💸

Chat over SSH.

uber's ssh certificate pam module

Easy SSH servers in Golang

A simple and powerful SSH keys manager

Puppet module to manage SSH

A bunch of useful SSH tools for powershell

A lightweight package to execute commands over an SSH connection

The missing reverse proxy for ssh scp

Automate "airgapped" server proxy with ssh socks proxy

Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang

An AWS Lambda layer that enables your Lambdas to use native git and ssh binaries — both x86_64 and arm64

Share this repo

Related Repos

Miscellaneous

the ultimate compact fzf gh extension

the ultimate compact fzf gh extension Installation • Usage • Customisation • Feedback gh-f is the ultimate, compact and snappy fzf extension for gh cl

Miscellaneous

MacOS Wallpapers for linux desktop

MacOS Wallpapers for linux desktop WhiteSur (Big Sur) Wallpapers Monterey Wallpapers Installation Install Gnome Backgrounds (wallpaper will change acc

Miscellaneous

A docker bundle with *arr apps ready to deploy on your linux machine.

Plex Home Media integrations This package is created for those who are not experts in linux servers and docker. If you follow these steps you'll be ab

Miscellaneous

Vim-textobj-string is a Vim plugin to provide text objects to select a string

vim-textobj-string is a Vim plugin to provide text objects (as and is by default) to select a string.

Miscellaneous

automatically quote arguments to commands like `git commit -m`

zsh-autoquoter zsh-autoquoter is a zle widget ("zsh plugin") that will automatically put quotes around arguments to certain commands. So instead of ha

Miscellaneous

PyTorchCV: A PyTorch-Based Framework for Deep Learning in Computer Vision.

PyTorchCV: A PyTorch-Based Framework for Deep Learning in Computer Vision @misc{CV2018, author = {Donny You ([email protected])}, howpubl

Miscellaneous

276

Documentation on building a HTTPS stack in AWS with HAProxy

Guidelines for HAProxy termination in AWS Document status NOT READY $Revision: $ @ 2022-01-14 19:00 PST Author Julien Vehent Review CloudOps Table of

Miscellaneous

8.3k

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing softwa...

Welcome to the Spinnaker Project Spinnaker is an open-source continuous delivery platform for releasing software changes with high velocity and confid

Miscellaneous

A must-have configuration for Spacemacs users after defecting to Vim

🪐 My Neovim Configuration 🚀 A must-have configuration for Spacemacs users after defecting to Vim If you want the power of VSCode, the interactivity

Miscellaneous

This repo is for firmware updates, software files, and other important resources for the M...

Miyoo Mini Firmware and Configured SD This repository contains a debloated and improved SD card image for the Miyoo Mini. Latest Firmware Update Packa

Miscellaneous

This app is created that using with Shell Script and Zenity Library.

CV Hazırlama (Shell Script - Zenity Kütüphanesi) Linux Araçları ve Kabuk Programlama dersi kapsamında,Shell script ve Zenity Kütüphanesi kullanılarak

Miscellaneous

Docker container for PlexAutoSkip

PlexAutoSkip Official Docker Container Docker container for PlexAutoSkip Version Tags Tag Description latest Stable release Usage docker-compose ple

Miscellaneous

An open source meme???

Open source spiderman meme Haha spiderman make a presentation lol Install gimp This meme requires gimp, install through install_deps.sh chmod +x insta

Miscellaneous

Script to patch iOS app so we can later use it on Apple Silicon devices.

AppleSiliconUIKitPatch Script to patch iOS app so we can later use it on Apple Silicon devices. App should be decrypted if was downloaded from App Sto

Miscellaneous

dots configured after setting up NixOS on tmpfs

λ Idempotent Dotfiles SETTING UP NIXOS , MY WAY NixOS with tmpfs (Sway WM) Disclaimer: This is not a community framework or distribution. It's a priva